Overview

overview

10

Static

static

3

Mono Execu...ox.dll

windows10-ltsc 2021-x64

10

Mono Execu...I2.dll

windows10-ltsc 2021-x64

1

Mono Execu...or.exe

windows10-ltsc 2021-x64

1

Mono Execu...re.dll

windows10-ltsc 2021-x64

1

Mono Execu...ms.dll

windows10-ltsc 2021-x64

1

Mono Execu...pf.dll

windows10-ltsc 2021-x64

1

Mono Execu...le.dll

windows10-ltsc 2021-x64

6

Mono Execu...ta.exe

windows10-ltsc 2021-x64

3

Mono Execu...x.html

windows10-ltsc 2021-x64

4

Mono Execu...ain.js

windows10-ltsc 2021-x64

3

Mono Execu...bat.js

windows10-ltsc 2021-x64

3

Mono Execu...fee.js

windows10-ltsc 2021-x64

3

Mono Execu...cpp.js

windows10-ltsc 2021-x64

3

Mono Execu...arp.js

windows10-ltsc 2021-x64

3

Mono Execu...csp.js

windows10-ltsc 2021-x64

3

Mono Execu...css.js

windows10-ltsc 2021-x64

3

Mono Execu...ile.js

windows10-ltsc 2021-x64

3

Mono Execu...arp.js

windows10-ltsc 2021-x64

3

Mono Execu.../go.js

windows10-ltsc 2021-x64

3

Mono Execu...ars.js

windows10-ltsc 2021-x64

3

Mono Execu...tml.js

windows10-ltsc 2021-x64

3

Mono Execu...ini.js

windows10-ltsc 2021-x64

3

Mono Execu...ava.js

windows10-ltsc 2021-x64

3

Mono Execu...ess.js

windows10-ltsc 2021-x64

3

Mono Execu...lua.js

windows10-ltsc 2021-x64

3

Mono Execu...own.js

windows10-ltsc 2021-x64

3

Mono Execu...dax.js

windows10-ltsc 2021-x64

3

Mono Execu...sql.js

windows10-ltsc 2021-x64

3

Mono Execu...e-c.js

windows10-ltsc 2021-x64

3

Mono Execu...sql.js

windows10-ltsc 2021-x64

3

Mono Execu...php.js

windows10-ltsc 2021-x64

3

Mono Execu...ats.js

windows10-ltsc 2021-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Mono Executor Final.zip

  • Size

    4.3MB

  • Sample

    241225-v4mspa1jbl

  • MD5

    e215631abb30dba77b197e48b9b7f4aa

  • SHA1

    68ed6d59c7e2af0d45320758f34b44c7f9479908

  • SHA256

    a615daba183741c31ef4bf96c1f1fd5783afac56fb3d61feda491288e7317a76

  • SHA512

    49f612f004c814a388b3a89e3d489d9e172e875dd1a719a34ce0527003d5ae521219dab13e88ff31fcede80b154919745fc0d8dc11c438cb3226ee56012bbb31

  • SSDEEP

    98304:C7ZhM71rKtH0cNDLMe9767pBJZGqX/p0vKSwfQMst7UJXoW:IQ78ecNfz9e7pzZJX/aidYMm7aYW

Score
10/10
njratxmrighackeddiscoveryevasionexecutionminerpersistenceprivilege_escalationtrojanupx

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

165d6ed988ac1dbec1627a1ca9899d84

Attributes
  • reg_key

    165d6ed988ac1dbec1627a1ca9899d84

  • splitter

    |'|'|

Targets

    • Target

      Mono Executor Final/Debug/FastColoredTextBox.dll

    • Size

      323KB

    • MD5

      8610f4d3cdc6cc50022feddced9fdaeb

    • SHA1

      4b60b87fd696b02d7fce38325c7adfc9e806f650

    • SHA256

      ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9

    • SHA512

      693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09

    • SSDEEP

      6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO

    Score
    10/10
    njratxmrighackeddiscoveryevasionexecutionminerpersistenceprivilege_escalationtrojanupx

    • Njrat family

      njrat

    • Xmrig family

      xmrig

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Creates new service(s)

      persistenceexecution

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      Mono Executor Final/Debug/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      c97f23b52087cfa97985f784ea83498f

    • SHA1

      d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89

    • SHA256

      e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd

    • SHA512

      ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512

    • SSDEEP

      49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr

    Score
    1/10
    behavioral2

    • Target

      Mono Executor Final/Debug/Injector.exe

    • Size

      18KB

    • MD5

      31ec6f010e896718994e4ef100f3f39e

    • SHA1

      7b5ac3683bf84df67e90d0e919ff650757694ab9

    • SHA256

      6361ee808f7e4e1a8632c49aaa59fc333c76b489a0bf4364108b00ab2da3384f

    • SHA512

      149b51484e962b89d996b36d0cc01bf1e5f17ed3a2d2aa2a3261d3d0c868b56bf66059e1281a858a91df06fe766b59284e76f657b0e491b4336ebc34808c1b60

    • SSDEEP

      192:EI3dbwIFy/l5e4gBIWVmTneWT5Tvsd/58IvgQHFdjOymaAws681esQ5XNo8EEM3I:EUwH5e4gBH0b/T5TEd/jRsMEEM3xo

    Score
    1/10
    behavioral3

    • Target

      Mono Executor Final/Debug/Microsoft.Web.WebView2.Core.dll

    • Size

      589KB

    • MD5

      a53ba26a25f78f512cb2f393f9c96463

    • SHA1

      4176d5607859817a0b44a253c34f7edb3a46f21e

    • SHA256

      88a3b62f45225a811cdb85df6dfd95c2bff9a0e43e3b04f813b125eaca56cc9f

    • SHA512

      df1cd812fce4a46cae7f4d59256a12732367d16981b01f1067d58966d6612ae102eaa274fc3c9ac21aeb0422cf09ac1232fbe2b74d1daf6c76489f6e8de16751

    • SSDEEP

      12288:WrCyR/rpQ322fy+uFKcDmuRFNEMzeu+imQ269pRFZNIEJdIEY0lxEIPrEIgcvLc6:Va7

    Score
    1/10
    behavioral4

    • Target

      Mono Executor Final/Debug/Microsoft.Web.WebView2.WinForms.dll

    • Size

      37KB

    • MD5

      92acec9aed00f134ba86a0f7c496f26c

    • SHA1

      3cd10e0afdd7955716a83d5f5d59859c6f7c7353

    • SHA256

      29fc954c3fde1749817d158f3dd5ebe9efd3b3ce9708d86092fb1e9f023a1cb0

    • SHA512

      4e11772afa9282c2f5f2565b0e908102fc8d0a08c40ca57587c338698e9ab747ff5a1673d32b6cd09d7b22b0e6c2836f1324ec8257e5223754595160a4c28ad2

    • SSDEEP

      768:umgRNRbnIfWuJCRfXBkrQYZDgcEST3p4Jjrjh2jeFSUyauTv1JKia5/Zi/WG4KgL:XQR20BUQYZDgcEST3p4JjrjaeFSUyauO

    Score
    1/10
    behavioral5

    • Target

      Mono Executor Final/Debug/Microsoft.Web.WebView2.Wpf.dll

    • Size

      81KB

    • MD5

      b98c511e0f75434a66d9bf0efd1795db

    • SHA1

      515c6c1627775ce5149b410f4b19a2f25b41b2a8

    • SHA256

      1c5b6c792916d168093ef9b836f33e818d2d15d0c81f0864b5cddff97d913319

    • SHA512

      73fc64485db816be0bf135c7740ee916836c3bf03caabb85a1be7c5b3a4862cc1caa4975944cfd670f1cc2d90ae7c305cbea3dd9f27633244c51e5efcbaed2cd

    • SSDEEP

      1536:jmJUzMJcumSzTIudfRz+Ohsha87Y1DHfFWyEb30mpc4Jjr4YeUqRHhwU0fdwzvUe:YUzMJNzTIudB+Oh0a8+DHfFC30mpc4JY

    Score
    1/10
    behavioral6

    • Target

      Mono Executor Final/Debug/Module.dll

    • Size

      2.3MB

    • MD5

      c610b0e9a85e7369ad6db8b83e99cf41

    • SHA1

      64ee1a8eb555a02d3e31b9d78040df05c5b0969f

    • SHA256

      2ada3204b9597d4ab3e176e4bff1ed56ddce96661bb7038a94dbaf0cd5859c6b

    • SHA512

      dd350eb9228adb3ca1eceb457cd2ef0d319b4ad263254927d3b55fbd20c1a5daf116ed917cabef8961e0f813f73c7968773ec92f1e747dacde06f5648fc1322d

    • SSDEEP

      24576:2BAUNrajMNg6A7SPO8kLdgKB5K9nx1x++n7SxP0eiW7G2GKCXkw4cCq8VxBLHmJY:ENRYH8kLat7yPbzoXkw4cCq8Vx5giv

    Score
    6/10

    • Legitimate hosting services abused for malware hosting/C2

    behavioral7

    • Target

      Mono Executor Final/Debug/MonBeta.exe

    • Size

      185KB

    • MD5

      a60ac99bc102893ac421e220dd883433

    • SHA1

      e30724c7f6e5570ab84a8b6bf98b3e99b8e3b037

    • SHA256

      ca3c98a760b98f855c8c0cfad1e17190fe332fc5aa9d51d8194b3092b64f4731

    • SHA512

      cac1df99f3dbb10c02849f7b1214150add4fa124010a0416a30ff64aa54f9148e778730f4aa69bf37be8d25aad9ffa35d870a4d7469bff26a13c75a92fcad592

    • SSDEEP

      3072:283SWl8GF6Nl+dl2a4ZWeDtYW5nuQjjOs44kdqshAcmMcI:283z85YlqhR9u2vMsInV

    Score
    3/10
    discovery
    behavioral8

    • Target

      Mono Executor Final/Debug/Monaco/index.html

    • Size

      1KB

    • MD5

      efd81d18eef80e7a5cc70db71d658067

    • SHA1

      98b0b7b9c738705263d92b41ef9f810a2f2cd849

    • SHA256

      38df7c585f0775d175435305f709b7418d60a98e17d542299e2ccb35c4cd2726

    • SHA512

      9a46cd4abc069ad2c7247863c6e9a29bf546f47150ac41feac448bf8d092672e42033e386dcb55a80d9e61c79458cd8589b5587b018e0fe852fb13dd8053b4d4

    Score
    4/10
    discovery
    behavioral9

    • Target

      Mono Executor Final/Debug/Monaco/vs/base/worker/workerMain.js

    • Size

      149KB

    • MD5

      27ead90c7702154755785e0e53398755

    • SHA1

      86b59485fe6f6ccb1805183fa75062a2ac1c859e

    • SHA256

      bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5

    • SHA512

      6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82

    • SSDEEP

      1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw

    Score
    3/10
    execution
    behavioral10

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/bat/bat.js

    • Size

      2KB

    • MD5

      4cb475399c4490eea41982dcd6d9653e

    • SHA1

      fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185

    • SHA256

      9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40

    • SHA512

      27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783

    Score
    3/10
    execution
    behavioral11

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/coffee/coffee.js

    • Size

      3KB

    • MD5

      9d0c4ac1691eed0a480c3e9246490d29

    • SHA1

      38258864fd070c35cec6b68715d58771df9fe3e1

    • SHA256

      e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9

    • SHA512

      437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6

    Score
    3/10
    execution
    behavioral12

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/cpp/cpp.js

    • Size

      5KB

    • MD5

      0a16509e6cd0155fb622e785cfe976c7

    • SHA1

      7afa7f823191c43d7a4bdd7d91577495de62c21a

    • SHA256

      a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b

    • SHA512

      2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d

    • SSDEEP

      96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL

    Score
    3/10
    execution
    behavioral13

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/csharp/csharp.js

    • Size

      4KB

    • MD5

      f8f841d13c9220e15dcd6bc386b37ba2

    • SHA1

      2b8b7003820d19ed83afde98c845db5e3d5753f8

    • SHA256

      6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f

    • SHA512

      0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5

    • SSDEEP

      96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI

    Score
    3/10
    execution
    behavioral14

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/csp/csp.js

    • Size

      1KB

    • MD5

      22ada25d590811dcff4e5f5d698e583b

    • SHA1

      c43d4846967d5037ef05b102e49d1fbc54e45fbc

    • SHA256

      4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789

    • SHA512

      c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189

    Score
    3/10
    execution
    behavioral15

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/css/css.js

    • Size

      4KB

    • MD5

      49ad30f1151cfd7a74677fdc6dd13da9

    • SHA1

      286d47f0a4cfa26da2e4d1f1317a8c87000bb5fc

    • SHA256

      bd331fd3bd2c37b0c3150035325f163ac9266bf6d942310764815e676d856d91

    • SHA512

      7337706bfd5bd54938da0fba35e97f8e5780491c04b58d43fc6d905bd2dca92897f1ed8d48e42665f166da7684cc6e29a63ae73f8d3779a9feb97c397a642f0d

    • SSDEEP

      96:hFDMgRsozIq+q17qcq6V1+/aMj1cqTroIrqjKf8O3lzXY0Jc:hZzzv9VmjoOf8O39XbJc

    Score
    3/10
    execution
    behavioral16

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/dockerfile/dockerfile.js

    • Size

      2KB

    • MD5

      e32de981bdaf75e6ffb8fe40bc955a68

    • SHA1

      bef1af7b26ea01c987c7a6295bb7192d83a32068

    • SHA256

      65b86fc54e9b35d6cb84f01dfb905680dbcad6605757de1d6bca84e3029889af

    • SHA512

      a3eadd8c1389dff6c2c6e595efff69be3a573d01e4e16b8e4a8b28f63e4c48c9c439b5dd93666d81d703d1c6b5bf927cc8e47d04af270128095f0d579407c2f4

    Score
    3/10
    execution
    behavioral17

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/fsharp/fsharp.js

    • Size

      3KB

    • MD5

      de122b3bc44a8714f386dc80282dcb12

    • SHA1

      06888a9b616993e9af9797cec64c6d419065f2cb

    • SHA256

      1390079babc117d3f376735780d98f409f317eb4628d17106642c6933ea1da7f

    • SHA512

      ab48f2e5bfa6ea0024530141bb5d35b9090ee0254a3e8f8b86fa36cc8c2fca8000a3caafcfffc1d83e21c488e1f1990c91f537290b54fbbca1d3c7be090dfba5

    Score
    3/10
    execution
    behavioral18

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/go/go.js

    • Size

      2KB

    • MD5

      5b4484c914cd97aff4510b803f2517ef

    • SHA1

      8f275ac36c57c4c464e30f92f525ffbd0fd436c6

    • SHA256

      46d1757c3cd3dbc3c7b465a338880144922a1c34c30e36f06ff2db8c2ff75b86

    • SHA512

      b34c64f9997f4b72760eca270d2a0c2e22d83467d3f0bc82e7c0e63d62d8f9d74a144a28d676a223cdefef417af723801ac0535375d0dd64bb3a81e87617fed0

    Score
    3/10
    execution
    behavioral19

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/handlebars/handlebars.js

    • Size

      6KB

    • MD5

      3ca7cf83292b56444548f2914c0e1811

    • SHA1

      4be5b1adaa187d82a94967e6960d811acd700b93

    • SHA256

      31d25588d120e7c79f3332ff3b3c794cebd0554c7578e3bb37b3cac366e4f6c2

    • SHA512

      2d337b64def0d42f8bd6476cf31e806f67f77d26c95c68e75574fc310f7974852a810f8b197238559a2cb20d07914de5844481477321cdcb2c68c47da9088eb8

    • SSDEEP

      96:hFDMgRspITV1+/I/+B1BerJzlWK2BZwIBTIwbcdg6EHpf4Og6E8S6g6EB+FpAjE3:hZhbYbQRld2BZ1O0p4OE60+dMZLDs

    Score
    3/10
    execution
    behavioral20

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/html/html.js

    • Size

      4KB

    • MD5

      630fa41f59a189aed68b4db82559de95

    • SHA1

      14a527d27240ba0effcfa43a5c46b9289e96b822

    • SHA256

      c717ac0701d3b1e22dc52a0c53608214297e5fab7bc7011cf4e964f2eca9d62f

    • SHA512

      e15c602788f13afd1e19e5f82de7a35eb9656950553bc3913205ba3e70ddf87199b7f9b358db7b7704efd3dc85029ad277692b6b84f5f549964b9dd7cce1ad60

    • SSDEEP

      96:hFDMgRsfInV1+/6mQVV1+HBwBRl0GSytHd6EHaK4T6Ef6EByyEhcKMgEQEJWf:hZLP+4+GLl0GSytHLaK4ccKM2

    Score
    3/10
    execution
    behavioral21

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/ini/ini.js

    • Size

      1KB

    • MD5

      b9252b74381fe17565d494711f4c9093

    • SHA1

      9ed6a00a166c0b5abdbb3ea45fa7df3a5defc8ee

    • SHA256

      1f0feeae58c32f6e1f31b78f7e2aab3c91da387e464234c0f55ebff0e77444a2

    • SHA512

      2fe594de8ac3444223edc011cbd7f08a6f8ab2de2bf56919c2d6f1208e22391652d14549c3822c21c4999139ffce711fdbf00725e95aa01068bf5f223c3b8710

    Score
    3/10
    execution
    behavioral22

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/java/java.js

    • Size

      3KB

    • MD5

      826546e08f178d68e8aa2ab29194c03a

    • SHA1

      444ed723cadc4231f2dce5c54597fa8558893d12

    • SHA256

      44be702cae05d5844dc1c452f9bd94020007b9e543a765db4e6649278607d218

    • SHA512

      8edb46eefaa3277374ba5dc656423115735573a57e82002745ce6112f666079d6ab7d9b5a79ed208ff51487e9ec2b757c45ec1b3c8119d8cbcd4f7cd30347ef9

    Score
    3/10
    execution
    behavioral23

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/less/less.js

    • Size

      4KB

    • MD5

      696ef3dca27b4f9313deba6f99710154

    • SHA1

      d3b377cae3355c3facbecc85bb342d4af34436ca

    • SHA256

      ed8d1a9da4e62d1cffe4c83580c9df57d688e850a45ace72c11bdeb064520a16

    • SHA512

      f9f65f8730fac803cb01d127c467359f428dbcc8e368f40a15fd56b7150b2258e9c581c3a35712ccc2fcde8a7108c89a33b80cb72721fea663a11a553657dc29

    • SSDEEP

      96:hFDMgRsR6rMq+q17qcq6V1+/v+ufj1cCzBbu/2nOgeJamEulIHrraW4NUa:hZE6rr9PuhlzBbu4OLaDuKqW4NUa

    Score
    3/10
    execution
    behavioral24

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/lua/lua.js

    • Size

      5KB

    • MD5

      8706d861294e09a1f2f7e63d19e5fcb7

    • SHA1

      fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

    • SHA256

      fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

    • SHA512

      1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

    • SSDEEP

      96:SD3yDUfRD5dyVdO29SvE/TMCL8CvcOAtOfxSVkxMZlMfE:nD4Ldyn7Ss/TMmUtOfxhxjE

    Score
    3/10
    execution
    behavioral25

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/markdown/markdown.js

    • Size

      3KB

    • MD5

      caf4799639d5df40dfb1b979ed68af9c

    • SHA1

      6578ccc5111ddc190c354449be2630d91a21523b

    • SHA256

      eaaf453e0a9f9a604547e564a24e682503189cb9b85c87715bc9b5b6492b6f62

    • SHA512

      e787f3f849a40c608c3b35b732f16e4400c2d47e89ff309566afbc879fe37a7018722b959dc8ddc8c859d76e2f7bc0b85555cd27f7fc5e4d8e51e460ed32c9ca

    Score
    3/10
    execution
    behavioral26

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/msdax/msdax.js

    • Size

      5KB

    • MD5

      eaa7bff8662633aec211d57fd17cb8ce

    • SHA1

      3d783a13339a5797fa701165484bbdb70ffc0616

    • SHA256

      6ab13356e083c4334e93d3167bdd17d02552508bfd11ea044c880af3a1dd94f9

    • SHA512

      b3c5069dd3b8b56c0c945cd36909e2d7b575d3b804714b724b7f80bf03de1983a29e33dce050ff599017ece4ce22dce1f01bddda7ae2d41b25779455b96f4c00

    • SSDEEP

      96:hFDMgRsHrviqgq+q17qU/E18Qby0qbmofEsl93Bjy2rzR9sJDJOuz3O+PYLq+v6I:hZmrTY8Ey0UJfEI9z+zz3O+PYLZy4axE

    Score
    3/10
    execution
    behavioral27

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/mysql/mysql.js

    • Size

      14KB

    • MD5

      6482b3f16ca4f1436d5a5c9b54ab8956

    • SHA1

      bec1d967c0db6ca73cde65debd418f3e2c4db36c

    • SHA256

      7ba586bf9c623dc23f27a46e95a22342caa1f42d3b19fd9c018eb3b7298206dd

    • SHA512

      24b0dcb75254f4d69209d42bed81730c7c9ccac2230047a8fe46c81dab5a65618ce59be1b09100a1a2e42c515ea2a923a9c7084280bc567b2a6ee987cfb11039

    • SSDEEP

      384:hALxoDo1S36rNh/xkxnethQZZ62lANnY0k7N6AVzIAtSc2F9/0yW:SLxoDo1e4Nh/xNthQZZgNn67N6AVzIAp

    Score
    3/10
    execution
    behavioral28

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/objective-c/objective-c.js

    • Size

      2KB

    • MD5

      3ba48944ccda06514bf9723a2308b4c8

    • SHA1

      e9ebac91264e0510f8ff80710244c3ce56aee1b4

    • SHA256

      35af39baf166f7c2e3c95345b10ec46aa523f98783daa745aef64503019e3253

    • SHA512

      b8b1096188bf3837a696353988c4bd1b21f1cbde54a9ce8436f139765189c5dc8ffb02ad931a364d4780fb7fbb7dc18a600cc19a5db3e1a412f38d7269a24030

    Score
    3/10
    execution
    behavioral29

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/pgsql/pgsql.js

    • Size

      17KB

    • MD5

      7183810944428c812b3f9f4ed4adbb6d

    • SHA1

      5931e0e973678b836f548d11095b77398f7c38e5

    • SHA256

      a9487e85b74fd293c0131ae9bc181e72baecf5a0a6f8b71e97770d79332c09c0

    • SHA512

      a0eb6a021b24db38b98c7db1c5584bf190f789e5cb65fe13b7fb881fff1665cdaa7914556e0c0984f620b55b63a7b9f7902b706d596b2603e8720dc85dfa185f

    • SSDEEP

      384:hhLx5HtCBHHfrxrOmYbatR9uwX6l+qCVFQBTI7e9/asW:PLx5HtCBHHfrxrOmGaZKgKBTIuisW

    Score
    3/10
    execution
    behavioral30

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/php/php.js

    • Size

      8KB

    • MD5

      fffc04cacea00100299900c7969e44dd

    • SHA1

      d15b7aff67d8fa813c43e35ac58ec08a74f4701b

    • SHA256

      af43769fa1bdef70da786c2296c3a5f91552163c78d5c8ede46620a146edda92

    • SHA512

      19dd22739eb9373a2b8f4acd7712d7631adf1cfbadbdec9dac2bda25e8594731ab30caa5cf2deb241c76429f8e381775b60ae5857e4ac6b735f493885c4dac6f

    • SSDEEP

      192:hZe+rrpRld2BZwd0C4Ov6f+AME/gujcm91wIJ3tjPq:hQ+rr7xPSVrgm91w+3t2

    Score
    3/10
    execution
    behavioral31

    • Target

      Mono Executor Final/Debug/Monaco/vs/basic-languages/postiats/postiats.js

    • Size

      8KB

    • MD5

      0c7a2538121071fd75d9f08806500ea3

    • SHA1

      968d9ee1b928cf62712ec69d5f02aeb025cc3623

    • SHA256

      e49fe4654ae374d12dc7a4cb210ba95f490982a014886ede88a0dad3fd99a760

    • SHA512

      ae39edd35bd9caa13c4e263910ce93375beadebbee846ef8d5e5da1d8f054e236ff3310e2938fcf3f9d1eefde1bbe03c20ddaad243a73f6249d8a1563f6afe67

    • SSDEEP

      192:hZCrsRJNHUKhfdGiAQ3Sv0vExaeZtSkgsv:hsrsbNHsQ3SMMYcF

    Score
    3/10
    execution
    behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

System Services

2
T1569

Service Execution

2
T1569.002

Persistence

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Service Stop

1
T1489

Tasks

static1

Score
3/10

behavioral1

njratxmrighackeddiscoveryevasionexecutionminerpersistenceprivilege_escalationtrojanupx
Score
10/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
6/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
4/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10